diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2021-11-18 13:04:52 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-18 13:04:52 +0300 |
| commit | 5f113f5699211fb6106c37443bf76d60e7811a1f (patch) | |
| tree | ad254bcd4e7bd19a18bc51814767850847f294c7 /include | |
| parent | 6a7a06a72aef5e19bf8676a2a8cbb13288982e81 (diff) | |
| parent | 9819ac4023f2499231f07e93b40ed1cef49f0b19 (diff) | |
Merge pull request #1223 from konstruktoid/ISSUE1219
allow unknown number of spaces in modprobe blacklists
Diffstat (limited to 'include')
| -rw-r--r-- | include/tests_filesystems | 15 | ||||
| -rw-r--r-- | include/tests_networking | 4 |
2 files changed, 9 insertions, 10 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems index ce93b018..480ba40a 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -619,7 +619,6 @@ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW AddHP 4 5 else - # if if ContainsString "defaults" "${FOUND_FLAGS}"; then LogText "Result: marked ${FILESYSTEM} options as default (not hardened)" Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW @@ -838,13 +837,13 @@ fi FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) if [ -n "${FIND}" ]; then - FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then - Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN - LogText "Result: module ${FS} is blacklisted" - fi - fi + FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then + Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN + LogText "Result: module ${FS} is blacklisted" + fi + fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}" diff --git a/include/tests_networking b/include/tests_networking index c615e6d0..7faf7125 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -750,7 +750,7 @@ UNCOMMON_PROTOCOL_DISABLED=0 # First check modprobe.conf if [ -f ${ROOTDIR}etc/modprobe.conf ]; then - DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf) + DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf) if [ -n "${DATA}" ]; then LogText "Result: found ${P} module disabled via modprobe.conf" UNCOMMON_PROTOCOL_DISABLED=1 @@ -759,7 +759,7 @@ # Then additional modprobe configuration files if [ -d ${ROOTDIR}etc/modprobe.d ]; then # Return file names (-l) and suppress errors (-s) - DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) + DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*) if [ -n "${DATA}" ]; then UNCOMMON_PROTOCOL_DISABLED=1 for F in ${DATA}; do |